Can you offer tips for keeping social media accounts and activity secure and compliant?
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
The first thing you should remember when considering social media security is that everything said on social media is inherently public. You should plan to follow the same guidelines you use for any release of public information when considering a social media presence. The news is full of organizations that have been burned when someone with access to a corporate social media account posted offensive content, intentionally or accidentally, to the organization's feed.
Next, carefully control the passwords to your social media accounts. Make sure that each account is protected with a strong password and that the password is known only to a very small number of individuals. Unfortunately, most social media services are set up in a consumer-oriented fashion and do not have advanced access controls that allow delegation of posting authority, etc. If you need to grant multiple people access to your account, consider using a third-party service that mediates access without requiring shared passwords.
Finally, use common sense when it comes to social media and compliance requirements. Obviously, social media should never be used for credit card processing or to exchange other sensitive information. Publicly traded companies should also be aware of their obligations under Securities and Exchange Commission (SEC) information disclosure regulations. The CEOs of Twitter and Zipcar both recently learned this the hard way when they ran afoul of Regulation Fair Disclosure by posting information to their social media accounts, which had not been filed with the SEC in advance. Information security managers may not have a lot of direct control over what their CEOs do on social media or otherwise, but it's wise to at least do your best to incorporate dos and don'ts into the organization's social media security and compliance best practices policy.
Related Q&A from Mike Chapple
The updated HITRUST Common Security Framework allows organizations to manage privacy, security and compliance with one framework. Here's how it works...continue reading
A HIPAA audit covers privacy compliance, and organizations need to be prepared. Expert Mike Chapple discusses privacy in the audits.continue reading
A data breach warranty may seem like a tempting way to survive a costly attack, but it may not be all it's hyped up to be. Expert Mike Chapple ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.